Hi Richard,
The Windows NT domain model is a bit obtuse. While it does a good job enforcing security, there are problems if organizations don't develop the proper working protocols, and frankly, sometimes I just have to make it up as I go along.
There is some good information in the Windows NT 4.0 Server resource kit. The book about networking describes the old Microsoft corporate network and will give you insight into how to structure your network, if you are willing to spend the time on an old, outmoded technology. (I understand my certification "expires" at the end of this year, and I'll no longer be a "certified" engineer if I don't take the Win 2000 test, but that's another story).
According to Microsoft, Windows (NT) users are not supposed to log in as Administrator, but as another user with lesser privileges.
In my consulting experience, most clients ignore this warning.
I also find the NT security model difficult to work with, especially in a mixed-domain netowrking environment.
What I've done when I've had to mix Windows NT domains, is to use trust relationships between them for correct authentications to occur.
But I'm sure you will still find inconsistencies that you'll need to work around. If you're a good sysadmin, you'll soon get the feel of how NT does things and stumble into your own solutions and work arounds.
Good luck.
If if ain't broke, don't fix it.
